Gabriel Torok - Protecting .NET applications through obfuscation

Sign in to queue

Description

Gabriel Torok is CEO of Preemptive Solutions. They sell the Dotfuscator, which lets developers protect their programs against reverse engineering while making them smaller and more efficient. Here Mike Hall interviews Gabriel about how Dotfuscator works.

Tag:

Security

Embed

Download

Download this episode

The Discussion

  • User profile image
    kidzi
    This is interesting, but how does one go about debugging an application which is dotfuscated? I am used to internal apps where we can look at a call stack, list of 30 recent functions and runtime comments for our apps. 

    What is needed to provide a level of error information when the function names and strings are unreadable?
  • User profile image
    iStation
    MS, please include Dotfuscator Pro in MSDN subscription.
    At least, please include a string encryption and an ILDASM breaker in Dotfuscator community version of Visual Studio 2005!
    Please!!!!!
    Smiley
  • User profile image
    sn1p3t
    kidzi wrote:
    This is interesting, but how does one go about debugging an application which is dotfuscated? I am used to internal apps where we can look at a call stack, list of 30 recent functions and runtime comments for our apps. 

    What is needed to provide a level of error information when the function names and strings are unreadable?


    When you debug, it uses the original IL, not the obfuscated one, so internal debugging will remain  the same.

    I can't wait to see all the new features coming out!
  • User profile image
    lionel.l
    XenoCode's obfuscator provides a mapping file feature enabling you to convert back to readable information.

    For more details on the file mapping feature:

    http://www.xenocode.com/en/Man/advanced_topics/debugging_xenocode_processed_assemblies.htm

    Lionel Lindemann
    XenoCode Europe
    http://www.xenocode.com
  • User profile image
    kidzi

    OK. I re-read my post and I was a bit unclear. I meant debugging an issue from a user. The situationwould be f an end-user is running the app and it blows up - they would be running the obfuscated one.  How would you translate an error at end-user runtime into something you can work with back in the development area?

  • User profile image
    bleach
    There are a couple things you can do to facilitate debugging Dotfuscated applications.  The first best addresses your question:

    1) Use the stack trace decoding tool:


    When you Dotfuscate your code, one of the outputs is a map file-- it is an XML file that contains a mapping between the new names and the original names.  You should keep this file in a safe place (like version control) after you ship your application.


    Dotfuscator Pro includes a stack trace decoding tool.  If you get an obfuscated stack trace from a user in the field, you can paste it into the tool, point it to your map file, and press the decode button.  The tool reconstructs the original stack trace.

    2) For interactive debugging, round trip the PDB files.

    Dotfuscator Pro allows you to create a PDB file associated with the output assembly.  It will take source file, line number, and local variable information from the input assembly's PDB and include it in the output PDB.  You can use this to interactively debug Dotfuscated applications.  You can even step through the original source code.  The drawback is that the debugger will still show the obfuscated symbol names when you are trying to examine variables, etc.

    Regards,
    Bill Leach
    PreEmptive Solutions, Inc.
  • User profile image
    JJWR
    This is an old topic, but I find usefull to report that there is a new standalone tool to decode dotfuscator symbols and stack traces, so we do not need to buy the expensive dotfuscator pro version to do this tasks Wink  It is called dfstack

Add Your 2 Cents